"Follina Exploited by State-Sponsored Hackers"

State-sponsored hackers have been added to the list of adversaries seeking to exploit Microsoft's now-patched Follina vulnerability. According to Proofpoint researchers, state-sponsored hackers attempted to exploit the Follina vulnerability in Microsoft Office by phishing US and EU government targets. Proofpoint researchers suspect that the attackers are linked to a government that has not been identified. Their attacks involve malicious emails containing fake recruitment information that promise a 20 percent raise in salaries. According to Sherrod DeGrippo, vice president of threat research at Proofpoint, about 10 Proofpoint customers had received more than 1,000 of these messages. The malicious attachment targets the Remote Code Execution (RCE) bug called Follina, which exploits the Microsoft Support Diagnostic Tool (MSDT). Microsoft explained that the bug exists when MSDT is called through the URL protocol from a calling application such as Word. If successfully exploited, the Follina flaw can be used to install programs, view, change or delete data, or create new accounts in the context enabled by the user's rights. This article continues to discuss the exploitation of the Follina vulnerability by a government-aligned attacker to attack US and EU government targets. 

Threatpost reports "Follina Exploited by State-Sponsored Hackers"